DeStefanO Skrevet 17. oktober 2006 Rapporter Del Skrevet 17. oktober 2006 Skjult tekst: (Marker innholdet i feltet for å se teksten): Logfile of HijackThis v1.99.0Scan saved at 17:59:18, on 17.10.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe D:\Adobe Elements 4\Install\PhotoshopElementsFileAgent.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe D:\Norton\Install\navapsvc.exe D:\Norton\Install\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\RUNDLL32.EXE D:\Adobe Elements 4\Install\apdproxy.exe C:\Programfiler\HP\HP Share-to-Web\hpgs2wnd.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\Logitech\MouseWare\system\em_exec.exe C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe D:\QuickTime\qttask.exe C:\Programfiler\Logitech\G-series Software\LGDCore.exe C:\Programfiler\Logitech\G-series Software\LCDMon.exe C:\Programfiler\HP\HP Share-to-Web\hpgs2wnf.exe D:\Winamp\Install\Winamp\winampa.exe C:\Programfiler\Logitech\G-series Software\Applets\LCDMedia.exe C:\Programfiler\Logitech\G-series Software\Applets\LCDClock.exe C:\Programfiler\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe C:\Programfiler\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Messenger\msmsgs.exe D:\Olympus Master\Install\Monitor.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Kaspersky\mwavscan.com C:\Kaspersky\kavss.exe D:\Windows Commander 5.0\Install\wincmd\WINCMD32.EXE C:\WINDOWS\system32\taskmgr.exe D:\Opera\Install\Opera.exe D:\Hijack this\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SpyBot\Install\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Norton\Install\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Norton\Install\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NetLimiter] D:\NetLimiter\Install\NetLimiter\NetLimiter.exe /s O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Adobe Elements 4\Install\apdproxy.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Programfiler\HP\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OM_Monitor] D:\Olympus Master\Install\FirstStart.exe O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\G-series Software\LCDMon.exe" O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\Install\Winamp\winampa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [OM_Monitor] D:\Olympus Master\Install\Monitor.exe O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{5A58EA6E-AB1F-45EA-A21C-E0CF32830322}: NameServer = 85.255.115.35,85.255.112.122 O17 - HKLM\System\CCS\Services\Tcpip\..\{9613C1FE-87E7-402F-829E-7A6AA9BDB3DC}: NameServer = 85.255.115.35,85.255.112.122 O17 - HKLM\System\CCS\Services\Tcpip\..\{F7726804-249B-47F4-8CD3-0B4B785BA169}: NameServer = 85.255.115.35,85.255.112.122 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.35 85.255.112.122 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.35 85.255.112.122 O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programfiler\HP\hpcoretech\comp\hpuiprot.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V4 - Unknown - D:\Adobe Elements 4\Install\PhotoshopElementsFileAgent.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - D:\Norton\Install\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - D:\Norton\Install\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec AVScan - Symantec Corporation - D:\Norton\Install\SAVScan.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown - C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe Her er den. Tillhører en venn av meg og nå går det tregt her Takk på forhånd Lenke til kommentar
snarius Skrevet 17. oktober 2006 Rapporter Del Skrevet 17. oktober 2006 Program frå firmaet Symantec er ikkje akkurat kjende for å gjere maskina di kjappare Lenke til kommentar
DeStefanO Skrevet 23. oktober 2006 Forfatter Rapporter Del Skrevet 23. oktober 2006 Finner dere ikke noe skummelt der ? Lenke til kommentar
Preben01 Skrevet 29. oktober 2006 Rapporter Del Skrevet 29. oktober 2006 Det ser ut som den overtar DNS'en på den lokale maskinen. Og bruker IP'ene; NameServer = 85.255.115.XX,85.255.112.1XX Førstnevnte er fra " Kharkiv, Kharkivs'Ka Oblast'" i Ukraina Nederste er fra " Foster City, California" Det er liten sjangse for at han ønsker å bruke deres DNS, så det er godt mulig at den er hijacket. Så alt han surfer på går via deres DNS. Dette betyr at når han går inn på f.eks. www.ebay.com, og spør da DNS'ene over så vil han kunne bli sendt til en fake ebay side, uten å kunne detektere det. Jeg kjenner personlig ikke til denne registry-nøkkelen, men slik som jeg ser det - er det godt mulig at det er nettopp dette den er brukt til. Lignende virus/ormer som gjør dette bruker ofte å legge inn ting i hosts filen også, som en backup. Du kan sjekke: c:\windows\system32\drivers\etc\hosts Hvis du prøver å åpne denne i notepad, kan du se om det er gjort noen oppføringer der. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå